<?php

// ========================== 文件说明 ==========================//
// 本文件说明：附件输出
// --------------------------------------------------------------//
// 本程序作者：angel
// --------------------------------------------------------------//
// 本程序版本：SaBlog-X Ver 1.6
// --------------------------------------------------------------//
// 本程序主页：http://www.sablog.net
// ========================== 开发环境 ==========================//
// register_globals = Off
// --------------------------------------------------------------//
// magic_quotes_gpc = On
// --------------------------------------------------------------//
// safe_mode = On
// --------------------------------------------------------------//
// Windows server 2003 & Linux & FreeBSD
// --------------------------------------------------------------//
// Apache/1.3.33 & PHP/4.3.2 & MySQL/4.0.17
// --------------------------------------------------------------//
// Apache/1.3.34 & PHP/4.4.1 & MySQL/5.0.16
// --------------------------------------------------------------//
// Apache/2.0.55 & PHP/5.1.1 & MySQL/5.0.15
// --------------------------------------------------------------//
// Copyright (C) Security Angel Team All Rights Reserved.
// ==============================================================//


// 加载前台常用函数

require_once('global.php');

if (IS_ROBOT && !checkr_ua()) {
	exit(header("HTTP/1.1 403 Forbidden"));
}

session_start();

if ($options['remote_open']) {
	$skd = $_GET['skd'];
	$uinfo = parse_url($options['url']);
	$ourhost = str_replace('www.', '', $uinfo['host']);
	//如果包含端口信息,去掉端口,否则都会禁止下载
	if (strpos($ourhost,':')){
		$ourhost = substr($ourhost, 0, strrpos($ourhost, ':'));
	}
	$uinfo = parse_url($_SERVER['HTTP_REFERER']);
	$remotehost = str_replace('www.', '', $uinfo['host']);
	if (strpos($remotehost,':')){
		$remotehost = substr($remotehost, 0, strrpos($remotehost, ':'));
	}
	unset($uinfo);
	if ($ourhost != $remotehost) {
		if(!$skd || $skd != $_SESSION['skd']) {
			message($skd.'附件禁止从地址栏直接输入或从其他站点链接访问'.$_SESSION['skd'], './');	
		}
	}
}


// 查询文章

$attachmentid = intval($_GET['id']);
$attachmenttable = trim($_GET['tb']);

if (!$attachmentid){

	message('缺少参数', './');

} else {

	//我自己增加的分享文档的下载功能
	if (empty($attachmenttable)) {
		$attachinfo = $DB->fetch_one_array("SELECT at.*, ar.visible, ar.articleid as artid, ar.attachments FROM {$db_prefix}attachments at LEFT JOIN {$db_prefix}articles ar ON (ar.articleid=at.articleid) WHERE ar.visible='1' AND at.attachmentid='$attachmentid'");

		if (!$attachinfo) {
			message('附件无效', './');
		}
		$attach = unserialize(sax_stripslashes($attachinfo['attachments']));
		if (!$attach[$attachmentid]) {
			message('附件无效', './');
		} else {
			@extract($attach[$attachmentid]);
			$attach[$attachmentid]['downloads']++;
			$attach = sax_addslashes(serialize($attach));
			// 更新下载次数
			$DB->unbuffered_query("UPDATE {$db_prefix}attachments SET downloads=downloads+1 WHERE attachmentid='$attachmentid'");
			$DB->unbuffered_query("UPDATE {$db_prefix}articles SET attachments='$attach' WHERE articleid='".$attachinfo['articleid']."'");
		}
	} elseif ($attachmenttable == 'files') {
		$attachinfo = $DB->fetch_one_array("SELECT * FROM {$db_prefix}{$attachmenttable}_attachments WHERE  attachmentid='$attachmentid'");
		if(!$attachinfo) {
			message('附件无效', './');
		}
		$attachinfo['downloads']++;
		$DB->unbuffered_query("UPDATE {$db_prefix}{$attachmenttable}_attachments SET downloads=downloads+1 WHERE attachmentid='$attachmentid'");
	} elseif ($attachmenttable == 'p' ) {
		$attachinfo = $DB->fetch_one_array("SELECT * FROM {$db_prefix}{$attachmenttable}_attachments WHERE  attachmentid='$attachmentid'");
		if(!$attachinfo) {
			message('附件无效', './');
		}
		$attachinfo['downloads']++;
		$DB->unbuffered_query("UPDATE {$db_prefix}{$attachmenttable}_attachments SET downloads=downloads+1 WHERE attachmentid='$attachmentid'");
	} elseif ($attachmenttable == 'caselib') {
		$DB->unbuffered_query("UPDATE {$db_prefix}caselib SET downloads=downloads+1 WHERE caseid='$attachmentid'");
		if($sax_uid != 1) {
			message('对不起，您没有足够的权限以下载该文件');
		}
		$attachinfo = $DB->fetch_one_array("SELECT * FROM {$db_prefix}caselib WHERE visible='1' AND caseid='$attachmentid'");
	}

}

if ($options['remote_open']) {
	//检查是否设置cookie,简单的进行防盗链
	$articleids = $_COOKIE['articleids'];
	/*
	if (intval($_COOKIE['viewarticle'])+3600 < $timestamp) {
		message('附件禁止从地址栏直接输入或从其他站点链接访问', './');
	} elseif ($articleids && is_array($articleids)) {
		$articleids = array_unique($articleids);
		if (!in_array($attachinfo['artid'], $articleids)) {
			message('附件禁止从地址栏直接输入或从其他站点链接访问', './');
		}
	}
	*/
	if ($articleids && is_array($articleids) && !$attachmenttable) {
		$articleids = array_unique($articleids);
		if (!in_array($attachinfo['artid'], $articleids)) {
			message('附件禁止从地址栏直接输入或从其他站点链接访问', './');
		}
	}
	if ($attachmenttable) {
		if (!$sax_uid || !$sax_pw || !$sax_logincount || !$sax_hash) {
			message('对不起，该文档暂时不提供下载服务', './');
		}
	}
}

if(empty($attachmenttable)) {
	$filepath = SABLOG_ROOT.$options['attachments_dir'].$attachinfo['filepath'];
} elseif($attachmenttable == 'caselib') {
	$filepath = SABLOG_ROOT.$options['caselib_dir'].'/'.$attachinfo['filepath'];
} else {
	$filepath = SABLOG_ROOT.$options['attachments_dir'].'/'.$attachmenttable.'/'.$attachinfo['filepath'];
}

$isimage = 0;
if (stristr($attachinfo['filetype'], 'image')){ 
	$imginfo = @getimagesize($filepath); 
	if ($imginfo[2] && $imginfo['bits']) {
		$isimage = 1;
	}
	unset($imginfo);
}

$attachment = $isimage ? ($options['display_attach'] ? 'inline' : 'attachment') : 'attachment';
$attachinfo['filetype'] = $attachinfo['filetype'] ? $attachinfo['filetype'] : 'unknown/unknown';



if(is_readable($filepath)) {
	ob_end_clean();

	header('Cache-control: max-age=31536000');

	header('Expires: ' . gmdate('D, d M Y H:i:s',$timestamp+31536000) . ' GMT');

	header('Last-Modified: ' . gmdate('D, d M Y H:i:s',$attachinfo['dateline']) . ' GMT');
	header('Content-Encoding: none');
	header('Content-type: '.$attachinfo['filetype']);
	header('Content-Disposition: '.$attachment.'; filename='.urlencode($attachinfo['filename']));
	header('Content-Length: '.filesize($filepath));
	error_reporting(0);
	readfile($filepath);
	flush();
	ob_flush();
	exit;

} else {

	message('读取附件失败', './');

}

?>